exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files Date: 2007-07-17

iDEFENSE Security Advisory 2007-07-16.2
Posted Jul 17, 2007
Authored by iDefense Labs, David Maciejak | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of an authorization bypass vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to login to the management console and alter application settings. The OfficeScan installation includes a web management console that allows administrators to configure the application and the Antivirus clients it manages. The web interface login is handled by cgiChkMasterPwd.exe which is passed a hash and an encrypted version of the password generated by an ActiveX control on the login page. If cgiChkMasterPwd.exe is sent an empty encryption string and empty hash it proceeds to issue the client a valid session id which can then be used to access the web management console. iDefense has confirmed the existence of this vulnerability in OfficeScan for Windows 7.3 with all current patches applied. Previous versions may also be affected.

tags | advisory, remote, web, activex, bypass
systems | windows
advisories | CVE-2007-3455
SHA-256 | a98a64e827c3881c6d7525e8e9f19ca35a49b345f4e980df850b0db80b122c89
iDEFENSE Security Advisory 2007-07-16.1
Posted Jul 17, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.16.07 - Remote exploitation of a stack-based buffer overflow vulnerability in Trend Micro Inc.'s OfficeScan for Windows could allow attackers to execute arbitrary code with the privileges of the IIS Web User. The OfficeScan installation includes a series of CGI executables that are used for configuration through the Web interface. A shared library, CGIOCommon.dll, is used by many of these binaries to access environment variables passed to them from the parent IIS process. If a malicious Web request is made for a vulnerable binary, including an overly long session cookie, a stack-based Unicode buffer overflow will occur. iDefense has confirmed this vulnerability in OfficeScan 7.3 with all current patches applied. Testing has shown that this attack can be conducted by requesting multiple CGI binaries that make use of the shared library. Other versions are suspected to be vulnerable.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | windows
advisories | CVE-2007-3454
SHA-256 | 717e970657dc7614d63bea9879f3455d7230a989ef9568e0449babb1d3391f33
husrevforum-xss.txt
Posted Jul 17, 2007
Authored by GeFORC3

husrevforum version 1.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9a6268a8fef309dd33aff3e3ff26997c7ab902510f1b40dfcadf2d12e54da02b
husrevforum-sql.txt
Posted Jul 17, 2007
Authored by GeFORC3

husrevforum version 1.0.1 suffers from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | 944c38bffdf3ffa771578e435cc8bbe8fe948a6e5ba070655e58c0abc9b265df
aspziy-xss.txt
Posted Jul 17, 2007
Authored by GeFORC3

ASP Ziyareti Defteri version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
SHA-256 | b6c20341b28d1155e74b73dd9dcb78326bf354b2615173ba9249608c3c6bece4
yim81-overflow.txt
Posted Jul 17, 2007
Authored by Rajesh Sethumadhavan | Site xdisclose.com

The Address Book functionality in Yahoo Messenger version 8.1 suffers from a buffer overflow.

tags | advisory, overflow
SHA-256 | 95e1c412d04b616cda7b399825a41015f2be849a596336f542782030fffa0a1f
SQLPowerInjectorSourceCodev1.2.rar
Posted Jul 17, 2007
Authored by Francois Larouche | Site sqlinjector.com

SQL Power Injector is a graphical application created in C# .Net 1.1 that helps the penetration tester to inject SQL commands on a web page. Its main strength is its capacity to automate tedious blind SQL injection with several threads. Released under the Clarified Artistic License.

tags | tool, web, scanner, sql injection
systems | unix
SHA-256 | 8aedf196b1476d7ea434cf3da9360cb5515f5099e85f117ec149f034fa863bb6
exlibris-xss.txt
Posted Jul 17, 2007
Authored by Matthew Cook | Site escarpment.net

Multiple versions of the ExLibris Aleph and Metalib products are vulnerable to simple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 1377f44fe1fe9c888190d033eb0cba026e040316ea61f2671c77cbb9936ebeb6
HP Security Bulletin 2007-14.35
Posted Jul 17, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard for Linux. The vulnerability could be exploited to allow local unauthorized access or to increase privilege.

tags | advisory, local
systems | linux
SHA-256 | e81a29d192449b7fa8727c2a4014d4cb7bbf680042cef3f48b489528edaeed2e
webcit-multi.txt
Posted Jul 17, 2007
Authored by Christopher Schwardt

WebCit versions below 7.11 suffer from session riding and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3cf8c7eb9dfab7535bd6d14c85ce7ad7127ab57891fd81b7f8a2c43ead412b9d
TISA2007-06-Public.txt
Posted Jul 17, 2007
Authored by Maldin d.o.o | Site teamintell.com

Element CMS suffers from a script insertion vulnerability.

tags | exploit
SHA-256 | 63f1ec03281354c4c9fa1e78bbb72e96692c64be0bc60304f83be84b9b4c1b95
opera-redirect.txt
Posted Jul 17, 2007
Authored by Robert Swiecki | Site alt.swiecki.net

Opera / Konqueror suffers from an arbitrary redirection vulnerability. It appears that Opera 9.21 and Konqueror 3.5.7 are susceptible.

tags | advisory, arbitrary
SHA-256 | 4cab2fb954164fabcc9ba6a81f2a814fd2d13f64efb28333f597de9773ed257a
ie-entrap.txt
Posted Jul 17, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It appears that Microsoft Internet Explorer suffers from a browser entrapment vulnerability in document.open() calls.

tags | advisory
SHA-256 | 1b23865dd5ab90c94ef1fe835486566129d4f40e9c19376db573494978d39288
Clam AntiVirus Toolkit 0.91.1
Posted Jul 17, 2007
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Fixed a memory leak amongst other things.
tags | virus
systems | unix
SHA-256 | f98edecae40473c142fe49a0e02f5ff7fb28d778c4bd510dad747d208d20cb00
07162007-flash_flv_9.0.45.0_exp.zip
Posted Jul 17, 2007
Authored by yunshu | Site ph4nt0m.org

Flash Player/Plugin video file parsing remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
SHA-256 | c4c832a4c0947db21cc7b67a9747812c5b5aa1d9f09146338c11b615bbfe7e9e
trafficstats-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Traffic Stats suffers from a remote SQL injection vulnerability in referralUrl.php.

tags | exploit, remote, php, sql injection
SHA-256 | 45918b2f5720a38fb77929126d7afcf01bfa8af92bb364a790a0dca2e28e74c6
pafiledb-sql.txt
Posted Jul 17, 2007
Authored by pUm, h4si

paFileDB version 3.6 suffers from a remote SQL injection vulnerability in search.php.

tags | exploit, remote, php, sql injection
SHA-256 | 5032e6a1c25fd6ef4bde77604720e3850b3441c44ada71e2381dd214795257c0
prozilla-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Prozilla suffers from a SQL injection vulnerability in directory.php.

tags | exploit, php, sql injection
SHA-256 | 7a3cf3cb88c29927a6690ce1924d07b799649bdd4730318bdaa15f5989515794
realtor-sql.txt
Posted Jul 17, 2007
Authored by t0pp8uzz, xprog

Realtor 747 suffers from a SQL injection vulnerability in index.php.

tags | exploit, php, sql injection
SHA-256 | d186f975b7813caafb753a559c1e9acc468c23f3bfe1aedd69843b55f58b4e11
azdg-rfi.txt
Posted Jul 17, 2007
Authored by ThE dE@Th

AzDG Dating Gold version 3.0.5 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 9268a7d4b3622382f5f78de5eca5678066e0856f978580e4c991f9b305cb4ff8
Secunia Security Advisory 25718
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered two vulnerabilities in InterActual Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 20a2ffe31d28893cbcf831622e922cb24be98cff478cc345faab7c3ddec34275
Secunia Security Advisory 25739
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in CinePlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 8911ff1e3eb057a50893b25d987d2cc17ddba95f8b460a4dface34691bcf250a
Secunia Security Advisory 25979
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Alex Hernandez has reported some vulnerabilities in Proventia GX5108 and GX5008, which potentially can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
SHA-256 | 1c826133f1ef12ac5d4bc75cf77e166b44a1c469f743df7afca1774b1c01ec09
Secunia Security Advisory 26005
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Daniel Weber has reported a vulnerability in eSoft InstaGate, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 925a77c2460fd7f7b69ad9d8be8e087a955ae72e24df4217a9f32d7e5332b01f
Secunia Security Advisory 26012
Posted Jul 17, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libnet-dns-perl. This fixes two vulnerabilities, which can be exploited to poison the DNS cache or to cause a DoS (Denial of Service).

tags | advisory, denial of service, perl, vulnerability
systems | linux, ubuntu
SHA-256 | f1509f7e4d3dfcc023a8ab89d9894b624c71f26038a29d112d43bbfc71e14454
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close